December 5, 2023

The CISA has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046 & CVE-2021-45105

log4j-scanner is a project derived from other members of the open-source community by CISA’s Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities

Advertisements

This scanning solution builds upon similar tools, including an automated scanning framework for the CVE-2021-44228 bug dubbed Log4Shell.This enables security teams to scan network hosts for Log4j RCE exposure and spot web application firewall (WAF) bypasses that can allow threat actors to gain code execution within the organization’s environment.

CISA highlights the following features on log4j-scanner’s project page:

  • Support for lists of URLs.
  • Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).
  • Fuzzing for HTTP POST Data parameters.
  • Fuzzing for JSON data parameters.
  • Supports DNS callback for vulnerability discovery and validation.
  • WAF Bypass payloads.
Advertisements

CISA’s also spearheading a push for urgently patching devices vulnerable to Log4Shell attacks to block threat actors’ attempts to exploit Log4Shell vulnerable systems and infect them with malware.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023

LogoFAIL Firmware Attack

December 3, 2023

Proliance Surgeons Discloses a Data Breach

December 3, 2023

23andMe Breach affected 14K Customers

December 3, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

Staples affected by a Cyber Attack

December 2, 2023
%d